Checking the logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by silas, Apr 16, 2010.

  1. silas

    silas MajorGeek

    Brief summary: here's my thread in case you wanted it: http://forums.majorgeeks.com/showthread.php?t=214266 Pretty much, I added RAM so no issue should be there. Anyway, it started getting sluggish to slow again after this last update on the computer. Either it's from the last update or the MSN Live Messenger I tried to install. But anyway, I tried going to System Restore and there were no restore points. So I'm making sure it's clean. And also, is there anything under Add/Remove that needs to be removed? Here are the logs.
     


  2. silas

    silas MajorGeek

    Hopefully I got all the scan logs needed.
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am not seeing much at all here... let's do the below:

    1. Please go to Add/Remove programs and uninstall the following software:

    • Java(TM) 6 Update 18

    2. Did you create these folders? I presume so...

    • C:\New Folder (6)
    • C:\New Folder (5)
    • C:\New Folder (4)
    • C:\New Folder (3)
    • C:\New Folder (2)
    • C:\New Folder

    3. Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    
    KILLALL::
    
    DirLook::
    C:\Documents and Settings\All Users.WINDOWS\Application Data\4TN1yM8yOli8Ir5E
    
    File::
    c:\documents and settings\mel\local settings\temp\~df9160.tmp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    4. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    5. Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
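
Added example, not part of the thread or of ComboFix: a small Python review aid that parses a CFScript like the one posted above and lists what each entry does before the file is dragged onto ComboFix. The section meanings (DirLook lists a folder, File deletes a file, `[-KEY]` under Registry deletes a key) are assumptions taken from the helper's later explanation in this thread; the function names are hypothetical, and any other section is flagged as unreviewed.

```python
import re

# Constructed sample: the CFScript text from this thread, blank lines removed.
CFSCRIPT = r"""KILLALL::
DirLook::
C:\Documents and Settings\All Users.WINDOWS\Application Data\4TN1yM8yOli8Ir5E
File::
c:\documents and settings\mel\local settings\temp\~df9160.tmp
Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"""

SECTION = re.compile(r"^([A-Za-z]+)::$")
BHO_KEY = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})", re.I)
KINDS = {"DirLook": "list-directory", "File": "delete-file"}  # assumed meanings

def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]}, in file order."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def summarize(sections):
    """Return (action, target) pairs; sections not known here are flagged."""
    actions = []
    for name, entries in sections.items():
        for e in entries:
            # .reg syntax: "[-KEY]" removes KEY and everything beneath it.
            if name == "Registry" and e.startswith("[-") and e.endswith("]"):
                actions.append(("delete-key", e[2:-1]))
            else:
                actions.append((KINDS.get(name, "unreviewed:" + name), e))
    return actions

def bho_clsids(actions):
    """Distinct Browser Helper Object CLSIDs whose keys the script deletes."""
    hits = (BHO_KEY.search(v) for kind, v in actions if kind == "delete-key")
    return sorted({m.group(1).upper() for m in hits if m})
```

Calling `summarize(parse_cfscript(CFSCRIPT))` gives the list to read through before running the script, and `bho_clsids(...)` gives the CLSIDs to look up if a browser add-on's origin is in doubt.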
     
  4. silas

    silas MajorGeek

    I uninstalled Java from Add/Remove. I copied the text into Notepad and put it over ComboFix. It opened and asked to click yes or no twice; I clicked yes. It updated and ran ComboFix. Afterwards it restarted the computer itself. Once restarted, the computer sat for a very long time while opening Windows, and I noticed ComboFix there so that must be why. Anyway, ComboFix did its thing eventually. I then went to the link, installed the new Sun Java and clicked the .bat file. Now it's done and I am attaching the log files. Hopefully ComboFix fixed what was needed to fix. I am sure the MGtools folder holds the ComboFix information.

    Another note is that I made those folders, because a while back when getting a fix, MGtools installed and extracted things. And when I went to highlight all the stuff in C: where MGtools was, I highlighted and deleted, then it said some things will not run. Which later I found out were system files that are what runs the computer. I guess they show up when showing hidden folders and attachments. So I put the box there. Also when I go to uninstall MGtools, I go to Start and Explorer and undo the show hidden folder/extensions so I don't delete them with MGtools.

    Another thing I wanted to ask was what was this "fix for" ?

    It doesn't look like it has to do with my issue of slowness/sluggishness after the last update on Windows, and there are no system restore points to revert back to on my computer, so I am at a loss.
     


    Last edited by a moderator: Apr 17, 2010
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well you came to me wanting me to verify that your logs were clean. The fix was not really a fix as such, I found an odd looking folder which I would like for you to delete if you do not know what it is:

    I killed off some dead BHO's and deleted a temp file. Just tidy up basically that will not hurt.

    No you're correct, it doesn't. I do not know why you would want to revert back anyway after what we have done here now, but you can post in software regarding your system restore points.

    If the directory above deleted successfully then you can follow final steps:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  6. silas

    silas MajorGeek

    I followed the instructions, and thank you. I was just making sure this software issue wasn't really something sneaky that got on here. I posted but no one has replied to my software thread. No restore points are there anymore and my computer is slow like no RAM was added, and it happened right after an update from Windows. So I was hoping there was a "different way of converting back" than the System Restore, to get past the Windows update. Thanks again.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're welcome. Safe surfing! :)
     
